Auth0 Home Blog Docs

disabling CORS good enough?

cors
rest-api

#1

If a web application communicates with it’s back end via REST API, and that API is only meant to serve the web app and no other client, and if they communicate with each other on the same origin (http://myapp.com/api), will I need authentication on that REST API at all? Will disabling CORS be good enough?
Sorry if the answer is obvious…this is not my area of expertise.